
Commit 9b6d060

committed
attestations: please the linting gods
Signed-off-by: William Woodruff <[email protected]>
1 parent 44929e6 commit 9b6d060


1 file changed

+27
-26
lines changed

1 file changed

+27
-26
lines changed

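--- a/attestations.py
+++ b/attestations.py
@@ -73,29 +73,30 @@ def attest_dist(dist: Path, signer: Signer) -> None:
 debug(f"saved publish attestation: {dist=} {attestation_path=}")
 
 
-packages_dir = Path(sys.argv[1])
-
-try:
-# NOTE: audience is always sigstore.
-oidc_token = detect_credential()
-identity = IdentityToken(oidc_token)
-except IdentityError as identity_error:
-# NOTE: We only perform attestations in trusted publishing flows, so we
-# don't need to re-check for the "PR from fork" error mode, only
-# generic token retrieval errors.
-cause = _TOKEN_RETRIEVAL_FAILED_MESSAGE.format(identity_error=identity_error)
-die(cause)
-
-# Collect all sdists and wheels.
-dists = [sdist.absolute() for sdist in packages_dir.glob("*.tar.gz")]
-dists.extend(whl.absolute() for whl in packages_dir.glob("*.whl"))
-
-with SigningContext.production().signer(identity, cache=True) as signer:
-for dist in dists:
-# This should never really happen, but some versions of GitHub's
-# download-artifact will create a subdirectory with the same name
-# as the artifact being downloaded, e.g. `dist/foo.whl/foo.whl`.
-if not dist.is_file():
-die(f"Path looks like a distribution but is not a file: {dist}")
-
-attest_dist(dist, signer)
+if __name__ == "__main__":
+packages_dir = Path(sys.argv[1])
+
+try:
+# NOTE: audience is always sigstore.
+oidc_token = detect_credential()
+identity = IdentityToken(oidc_token)
+except IdentityError as identity_error:
+# NOTE: We only perform attestations in trusted publishing flows, so we
+# don't need to re-check for the "PR from fork" error mode, only
+# generic token retrieval errors.
+cause = _TOKEN_RETRIEVAL_FAILED_MESSAGE.format(identity_error=identity_error)
+die(cause)
+
+# Collect all sdists and wheels.
+dists = [sdist.absolute() for sdist in packages_dir.glob("*.tar.gz")]
+dists.extend(whl.absolute() for whl in packages_dir.glob("*.whl"))
+
+with SigningContext.production().signer(identity, cache=True) as signer:
+for dist in dists:
+# This should never really happen, but some versions of GitHub's
+# download-artifact will create a subdirectory with the same name
+# as the artifact being downloaded, e.g. `dist/foo.whl/foo.whl`.
+if not dist.is_file():
+die(f"Path looks like a distribution but is not a file: {dist}")
+
+attest_dist(dist, signer)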
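Review bot: Nothing in the new `if __name__ == "__main__":` block fails when the two globs match no files, so a run pointed at an empty or wrong `packages_dir` opens the signing context, attests nothing and, as far as this hunk shows, ends without an error. For a step whose output is later relied on as provenance, that silent no-op is worth turning into a hard failure with `if not dists: die(f"No distributions found in {packages_dir}")` placed before the `with`. The same block reads `sys.argv[1]` with no length check, so a missing argument would surface as a bare `IndexError` instead of going through `die`. The leading context line belongs to `attest_dist`, whose body starts above the hunk, and the rendered page has dropped indentation, so the nesting under the new guard cannot be confirmed from here.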
